US6233446B1 - Arrangement for improving security in a communication system supporting user mobility - Google Patents
Arrangement for improving security in a communication system supporting user mobility Download PDFInfo
- Publication number
- US6233446B1 US6233446B1 US09/413,219 US41321999A US6233446B1 US 6233446 B1 US6233446 B1 US 6233446B1 US 41321999 A US41321999 A US 41321999A US 6233446 B1 US6233446 B1 US 6233446B1
- Authority
- US
- United States
- Prior art keywords
- user
- access control
- access
- terminal
- arrangement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/04—Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q3/00—Selecting arrangements
- H04Q3/0016—Arrangements providing connection between exchanges
- H04Q3/0029—Provisions for intelligent networking
- H04Q3/005—Personal communication services, e.g. provisions for portability of subscriber numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q3/00—Selecting arrangements
- H04Q3/0016—Arrangements providing connection between exchanges
- H04Q3/0062—Provisions for network management
- H04Q3/0095—Specification, development or application of network management software, e.g. software re-use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
Definitions
- the present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users.
- the present invention concerns a user access control for distributed systems that support user mobility, i.e. users are allowed to move and use different terminals to access services.
- the Access control is the procedure used by the telecom system domain to ensure that the user accesses the telecom system domain in accordance with the restrictions specified at subscription [ 1 ]. When mobility is supported, every user will have the possibility to use any terminals at any access points.
- the access control procedure is also intended to limit the access capability of a user for the protection and privacy of third party.
- the third party can be the owner of the terminal or the access point, and must have the right to block or deblock, suspend or reset the service delivery at his terminal or access point to a user.
- terminal owner the third party
- He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while others are prohibited from using the terminal.
- the UPT Universal Personal Telecommunication
- the UPT (Universal Personal Telecommunication) [ 4 ] system comprises some sort of access control mechanisms but they are limited to telephony services and to voice terminals or telephone.
- a further object of the present invention is to introduce a generic access control in such distributed systems.
- the invention also suggests that this type of generic access control is related to personal mobility.
- FIG. 2 is a schematic diagram illustrating an embodiment of the present invention for carrying out access control, especially in relation to a information object Term_Profile.
- FIG. 3 is a schematic diagram illustrating an embodiment of a Terminal_Data object.
- FIG. 4 illustrates a computational model of the access control of a user for use of a terminal.
- FIG. 5 is a schematic diagram illustrating a user_registration object containing a list of allowed services.
- FIG. 6 is a schematic diagram illustrating the relation between user domain, terminal domain and telecom system domain as well as an embodiment of access control on the access to the telecom system.
- FIG. 7 is a block diagram illustrating the relation between user domain, terminal domain and telecom system domain, as well as an embodiment of access control on the axis to the telecom system.
- FIG. 1 there is illustrated a user which has access to a terminal which in turn is communicating with a telecom system which in turn is offering a plurality of services.
- PD_UA ProviderDomain_UserAgent representing a user in the telecom system domain.
- TA TerminalAgent representing a terminal in the telecom system do main
- NAP representing a Network Access Point
- TAP representing a Terminal Access Point
- the information required for to carrying out the access control is contained in the Usage_Restriction component of the object Term_Profile (see FIG. 2) which contains information about the terminal.
- the attribute All_Barring is used to specify that only the terminal owner can use the terminal.
- the terminal owner may also prevent a particular user or group of users from using his terminal by specifying the attribute Barring_List or to allow only certain user by specifying an Allowance_List.
- Modification of the Usage_restriction may be provided as an application where only the owner has the right to make access. The details of such an application and the specific layout of the Usage_Restriction is a matter of implementation and will not be carried further here.
- the object Terminal_Data which contains information required for the support terminal mobility such as state, NAPid, etc. may be equipped with a table of controlled and cleared users, called ClearedUserTable, as shown in FIG. 3 .
- the ClearedUserTable contains the references or CIIs (Computational Interface Identifier) of the PD_UAs whose access have been controlled.
- the TA assumes the Access control Enforcement Function (AEF).
- AEF Access control Enforcement Function
- the Access control Decision Function is allocated to an object called ADF.
- ADF Access control Procedure for use of the terminal is shown in FIG. 4 .
- the TA will check whether the identifier of the originating or addressed PD_UA is on the ClearedUserTable or not. If it is, TA will do the transfer of OpX If it is not, TA will initiate the access control Procedure.
- TA invokes Get(Usage_Restriction) on Term_Profile to acquire the access control Decision Information (ADI).
- ADI access control Decision Information
- the TA invokes the operation Decision_Request on the ADF object.
- the arguments of this operation are the ADI obtained from the Term_Profile.
- the ADF makes the decision and returns the Access_Result to TA.
- the Access_result may be granted or not_granted. If the Access_Result is not_granted, TA returns an error message to the originator of the operation.
- TA invokes the operation Update(CleareduserTable,PD_UARef) on Terminal_Data to register the PD_UA of the newly cleared user.
- One way of removing entries from ClearedUserTable, i.e the identifier (reference) of a PD_UA, is to restart a timer each time that entry is accessed. If the timer times out, the entry is removed. Some entries may be permanent, i.e. they are not associated with a timer.
- This type of access control is only intended to other users than the terminal owner himself. In fact, the terminal owner should never be prevented to use his terminal.
- the access to the telecom system domain and the access to the services are different types of access controls which are applicable to all the users including the terminal owner.
- NoRestr_List containing the PD_UA identifiers of the users who are by default allowed to use the terminal.
- the identifier of the terminal owner's PD_UA is one of them. This list must not be accessible to anyone but the telecom system domain operator itself, i.e. even not to the terminal owner.
- the list of allowed services for a user at a terminal is hence equal to or smaller than the list of subscribed services. This list is a column in the User_Registration object in FIG. 5 .
- the initiator of the access control service is User a .
- the target is the telecom system domain.
- the AEF is assumed by the PD_UA a .
- the ADF is assumed by the object ADF.
- the access of the user to the telecom system domain may be limited by some parameters such as Roaming_Restriction, Credit_Limit, Time_Restriction, etc. which are contained in the Service_Restriction attribute of the User_Profile object.
- the Service_Restriction attribute contains also a list of subscribed services. The use of the services in this list may be conditioned by the strength of the method used to authenticate the user, the location of the terminal, the call destination, etc.
- the Service_Restriction attribute may thus be quite complex.
- FIG. 6 A computational model of the access control service for access to the telecom system domain is shown in FIG. 6 .
- the access control procedure is as follows:
- the PD_UAa object invokes a Get(Service_Restriction) on the User_Profile to acquire the access control Decision Information (ADI).
- ADI access control Decision Information
- the PD_UAa object invokes a Get(SecurityData) on the User_Registration object to acquire the contextual information (result from the authentication service).
- the PD_UA a object invokes the operation Decision_Request on the ADF object.
- the arguments of this operation are the ADI obtained from User_Profile and the contextual information obtained from User_Registration.
- the ADF may use the access control services offered by the platform or a security system to obtain further contextual information such as time, system status, etc. and the access control policy rules.
- the ADF makes the decision and returns the Access_Result to PD_UAa together with SecurityData and AllowedServices.
- the Access_result may be granted, not_granted or suspended. If the Access_Result is Suspended, depending on the access control Policy the terminal will be, temporarily or permanently no longer allowed to access the telecom system domain.
- the SecurityData returned to the PD_UA a from the ADF will contain a NoOfRetries field increased by one.
- the NoOfRetries field indicates the number of unsuccessful access attempts and is used as contextual information for the next access control service.
- the PD_UA a will invoke the operation Set(SecurityData) on the User_Registration object to save the updated SecurityData.
- the PD_UA a will return the appropriate response containing a not_granted status.
- the AllowedServices containing an updated list of allowed services is returned to the PD_UA a .
- the PD_UAa will invoke the operation Set(AllowedServices) on the User_Registration object to save the updated AllowedServices.
- the PD_UA a will return the appropriate response containing a granted status.
- the user can now request the wanted service and is hence subject to the access control for the requested service.
- Outgoing services are initiated by the user himself while incoming services are delivered to him by other users or applications.
- the initiator of the access control service is Usera.
- the initiator is some other user or application.
- the target is the requested service.
- the AEF is assumed by the PD_UA a .
- the ADF is assumed by the object ADF.
- the access of the user to the requested service is limited by the information contained in the AllowedService list of the User_Registration object.
- Another restriction originates from the Usage_Restriction contained in the object Terminal_Data and set by the terminal owner.
- the terminal owner may allow only one or both of the two service types to be performed on his terminal.
- the attributes OutBarring and InBarring of the Usage_Restriction is used to specify, respectively, the users who are not allowed to use outgoing services and incoming services on the terminal (or who are allowed).
- the access control procedure is as follows:
- the PD_UA a object receives a ServiceReq(ServId) from either the user or an application.
- the PD_UAaobject invokes a Get(Usage_Restriction) on the TA.
- the PD_UA a object invokes a Get(AllowedService) on the User_Registration.
- the PD_UA a object invokes the operation Decision_Request on the ADF object.
- the arguments of this operation are the ADI obtained from the User_Registration object and the TA.
- the ADF makes the decision and returns the Access_Result to PD_UA a .
- the Access_result may be granted or not_granted.
- the PD_UA a will return the appropriate response to the requester.
- the access control on the requested service is shown in FIG. 7 .
- This invention has high level of flexibility in the sense that it can be used in different mobile distributed systems, public or private, local-area or wide-area, wireline or wireless.
Abstract
The present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users, and for the object of implementing this improvement this can according to the present invention be done by introducing in said system a generic access control. In a specific embodiment the invention suggests three types of access control especially related to access to the terminal in question, to the telecom system and to the requested services.
Description
This is a continuation of PCT application No. PCT/NO98/00109, filed Apr. 2, 1998, the entire content of which is hereby incorporated by reference in this application.
The present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users.
More specifically the present invention concerns a user access control for distributed systems that support user mobility, i.e. users are allowed to move and use different terminals to access services.
The Access control is the procedure used by the telecom system domain to ensure that the user accesses the telecom system domain in accordance with the restrictions specified at subscription [1]. When mobility is supported, every user will have the possibility to use any terminals at any access points. The access control procedure is also intended to limit the access capability of a user for the protection and privacy of third party. The third party can be the owner of the terminal or the access point, and must have the right to block or deblock, suspend or reset the service delivery at his terminal or access point to a user.
When the user is allowed to move and access to the telecommunication services anywhere and at any time, the risk of threats increases dramatically at the same time as the mechanisms necessary to enforce security become more difficult to realise. In systems supporting general mobility, fraudulent use of anyone's subscription can be attempted from any terminal and at any network access point. In this way the user may be exposed to various forms of fraud as, for example, fraudulent use of the user's resources by unauthorised parties who manage to take up the identity of the user, eavesdropping, unauthorised tapping or modification of information exchanged during communication, and disclosure of the user's physical location [4]. Another security problem arises because the user is allowed to use any terminal and at any network access point. Such a temporary usage may conflict with the use of the terminal by the terminal owners, also referred to as third parties [6]. In principle, third parties should not suffer in terms of loss of privacy or freedom of actions as a result of activities by the mobile user.
With mobility, users may make use of any existing and available terminals and network access points. However, this does not mean that the terminal owner (the third party) has to accept such actions on his terminal. He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while others are prohibited from using the terminal.
This may be done in many ways, e.g. by keeping the terminal in a secured place, use local password, etc., but such measures are cumbersome for the owner and often not secure enough. This is commonly referred as the protection of third parties.
The UPT (Universal Personal Telecommunication) [4] system comprises some sort of access control mechanisms but they are limited to telephony services and to voice terminals or telephone.
Consequently, there is a need for an improved user access control for distributed systems supporting user mobility.
The present invention has for an objective to address any mobile distributed system, any types of applications, i.e. voice, data, image, video, interactive, multimedia, etc., for in such mobile distributed systems to introduce an improved access control.
A further object of the present invention is to introduce a generic access control in such distributed systems.
Still another object of the present invention is to introduce such a generic access control for distributed systems supporting user mobility which can be used in mobile distributed systems comprising public or private, local-area or wide-area, wireline or wireless networks.
The above objects are achieved in an arrangement as stated in the preamble, which primarily is characterised by introducing in said system a user access control, for thereby enforcing security in communications systems.
In other words, the invention also suggests that this type of generic access control is related to personal mobility.
Further features and advantages of the present invention will appear from the following description taken in conjunction with the enclosed drawings, as well as from the appending patent claims.
FIG. 1 is a schematic diagram illustrating the main subject matter to which the present invention is related, namely by illustrating a user's access to the services in question.
FIG. 2 is a schematic diagram illustrating an embodiment of the present invention for carrying out access control, especially in relation to a information object Term_Profile.
FIG. 3 is a schematic diagram illustrating an embodiment of a Terminal_Data object.
FIG. 4 illustrates a computational model of the access control of a user for use of a terminal.
FIG. 5 is a schematic diagram illustrating a user_registration object containing a list of allowed services.
FIG. 6 is a schematic diagram illustrating the relation between user domain, terminal domain and telecom system domain as well as an embodiment of access control on the access to the telecom system.
FIG. 7 is a block diagram illustrating the relation between user domain, terminal domain and telecom system domain, as well as an embodiment of access control on the axis to the telecom system.
As stated previously, the present invention relates to user access control for distributed systems that support user mobility which means that the users are allowed to move and use different terminals to access services available to them.
In FIG. 1 there is illustrated a user which has access to a terminal which in turn is communicating with a telecom system which in turn is offering a plurality of services.
Before allowing the user to access the services offered by the telecom system domain, he is subject to three types of access control
access control concerning the use of the current terminal (protection of third party)
access control concerning the access to the telecom system
access control concerning the use of the service requested
Solution
We shall successively describe the three mentioned access controls.
Access Control for Use of the Current Terminal
With mobility, users may make use of any existing and available terminals and network access points. However, this does not mean that the terminal owner (the third party) has to accept such actions on his terminal. He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while other are prohibited from using the terminal. Of course, there are many ways to do this locally, e.g. keep the terminal in a secure place, use local password, etc. but they are cumbersome for the owner and often not secure enough. This is commonly referred as the protection of third parties [2].
Let us suppose that the mobile distributed system uses agent techniques to support mobility and has the following objects:
PD_UA (ProviderDomain_UserAgent) representing a user in the telecom system domain.
TA (TerminalAgent) representing a terminal in the telecom system do main
SPA (ServiceProvider Agent) representing the telecom system in the terminal domain
NAP representing a Network Access Point
TAP representing a Terminal Access Point
The information required for to carrying out the access control is contained in the Usage_Restriction component of the object Term_Profile (see FIG. 2) which contains information about the terminal. The attribute All_Barring is used to specify that only the terminal owner can use the terminal. The terminal owner may also prevent a particular user or group of users from using his terminal by specifying the attribute Barring_List or to allow only certain user by specifying an Allowance_List. Modification of the Usage_restriction may be provided as an application where only the owner has the right to make access. The details of such an application and the specific layout of the Usage_Restriction is a matter of implementation and will not be carried further here.
In order to support selective access control of the terminal, the object Terminal_Data which contains information required for the support terminal mobility such as state, NAPid, etc. may be equipped with a table of controlled and cleared users, called ClearedUserTable, as shown in FIG. 3. The ClearedUserTable contains the references or CIIs (Computational Interface Identifier) of the PD_UAs whose access have been controlled.
The TA assumes the Access control Enforcement Function (AEF). The Access control Decision Function is allocated to an object called ADF. The access control Procedure for use of the terminal is shown in FIG. 4.
1. Every time an operation OpX arrives at the TA, the TA will check whether the identifier of the originating or addressed PD_UA is on the ClearedUserTable or not. If it is, TA will do the transfer of OpX If it is not, TA will initiate the access control Procedure.
2. TA invokes Get(Usage_Restriction) on Term_Profile to acquire the access control Decision Information (ADI).
3. The TA invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from the Term_Profile. The ADF makes the decision and returns the Access_Result to TA. The Access_result may be granted or not_granted. If the Access_Result is not_granted, TA returns an error message to the originator of the operation.
4. If the Access_Result is granted, TA invokes the operation Update(CleareduserTable,PD_UARef) on Terminal_Data to register the PD_UA of the newly cleared user.
One way of removing entries from ClearedUserTable, i.e the identifier (reference) of a PD_UA, is to restart a timer each time that entry is accessed. If the timer times out, the entry is removed. Some entries may be permanent, i.e. they are not associated with a timer.
This type of access control is only intended to other users than the terminal owner himself. In fact, the terminal owner should never be prevented to use his terminal. The access to the telecom system domain and the access to the services are different types of access controls which are applicable to all the users including the terminal owner.
In the object Usage_Restriction it is therefore necessary to define an additional attribute called NoRestr_List containing the PD_UA identifiers of the users who are by default allowed to use the terminal. The identifier of the terminal owner's PD_UA is one of them. This list must not be accessible to anyone but the telecom system domain operator itself, i.e. even not to the terminal owner. However, it may be possible to define an “emergency user”, i.e. every call to an emergency number will be effectual without being checked by the access control service.
Access Control for Access to the Telecom System Domain
If the user is allowed to use the terminal, it does not necessarily mean that he is allowed to access the telecom system domain. He may be located outside the roaming area; his credit with the operator may have run out; the authentication mechanism used to authenticate him may also be too weak and he is allowed to access a limited set of services. The list of allowed services for a user at a terminal is hence equal to or smaller than the list of subscribed services. This list is a column in the User_Registration object in FIG. 5.
The initiator of the access control service is Usera. The target is the telecom system domain. The AEF is assumed by the PD_UAa. The ADF is assumed by the object ADF. The access of the user to the telecom system domain may be limited by some parameters such as Roaming_Restriction, Credit_Limit, Time_Restriction, etc. which are contained in the Service_Restriction attribute of the User_Profile object. The Service_Restriction attribute contains also a list of subscribed services. The use of the services in this list may be conditioned by the strength of the method used to authenticate the user, the location of the terminal, the call destination, etc. The Service_Restriction attribute may thus be quite complex.
A computational model of the access control service for access to the telecom system domain is shown in FIG. 6. The access control procedure is as follows:
1. The PD_UAa object invokes a Get(Service_Restriction) on the User_Profile to acquire the access control Decision Information (ADI).
2. The PD_UAa object invokes a Get(SecurityData) on the User_Registration object to acquire the contextual information (result from the authentication service).
3. The PD_UAa object invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from User_Profile and the contextual information obtained from User_Registration.
The ADF may use the access control services offered by the platform or a security system to obtain further contextual information such as time, system status, etc. and the access control policy rules. The ADF makes the decision and returns the Access_Result to PD_UAa together with SecurityData and AllowedServices.
The Access_result may be granted, not_granted or suspended. If the Access_Result is Suspended, depending on the access control Policy the terminal will be, temporarily or permanently no longer allowed to access the telecom system domain.
If the Access_Result is not_granted, the SecurityData returned to the PD_UAa from the ADF will contain a NoOfRetries field increased by one. The NoOfRetries field indicates the number of unsuccessful access attempts and is used as contextual information for the next access control service. The PD_UAa will invoke the operation Set(SecurityData) on the User_Registration object to save the updated SecurityData. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response containing a not_granted status.
When the Access_Result is granted, the AllowedServices containing an updated list of allowed services is returned to the PD_UAa. The PD_UAa will invoke the operation Set(AllowedServices) on the User_Registration object to save the updated AllowedServices. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response containing a granted status.
The user can now request the wanted service and is hence subject to the access control for the requested service.
Access Control for the Requested Service
There are two types of services, outgoing and incoming. Outgoing services are initiated by the user himself while incoming services are delivered to him by other users or applications.
For outgoing services, the initiator of the access control service is Usera. For incoming services the initiator is some other user or application. The target is the requested service. The AEF is assumed by the PD_UAa. The ADF is assumed by the object ADF. The access of the user to the requested service is limited by the information contained in the AllowedService list of the User_Registration object. Another restriction originates from the Usage_Restriction contained in the object Terminal_Data and set by the terminal owner. The terminal owner may allow only one or both of the two service types to be performed on his terminal. The attributes OutBarring and InBarring of the Usage_Restriction is used to specify, respectively, the users who are not allowed to use outgoing services and incoming services on the terminal (or who are allowed).
The access control procedure is as follows:
1. The PD_UAa object receives a ServiceReq(ServId) from either the user or an application.
3. The PD_UAaobject invokes a Get(Usage_Restriction) on the TA.
3. The PD_UAa object invokes a Get(AllowedService) on the User_Registration.
2. The PD_UAa object invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from the User_Registration object and the TA.
The ADF makes the decision and returns the Access_Result to PD_UAa. The Access_result may be granted or not_granted. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response to the requester. The access control on the requested service is shown in FIG. 7.
This invention has high level of flexibility in the sense that it can be used in different mobile distributed systems, public or private, local-area or wide-area, wireline or wireless.
It is a complete access control in the sense that it contains all the three types of access control.
Important features of the invention may be listed as follows.
Claims (7)
1. An arrangement for improving security in a communications system including distributed hardware and software components which interact in order to provide services to one or more users, the arrangement comprising:
an access control system or function relating to personal mobility provided in said communications system for enforcing security;
wherein said access control system or function subjects a user to at least the following types of access control which are carried out in the following order: a) access control to a terminal verifying that the user is authorized to use the terminal, b) access control to a telecom system related to said communications system for checking whether the user is authorized to access the telecom system so as to enable prevention of the user from accessing the telecom system if the user is not authorized to do so, and c) access control to a requested service for checking whether the user is authorized to use the specific requested service;
wherein the user can thus move between and user different terminals, and the user can subscribe to and services in addition to a voice communication service; and
wherein said access controls a) through c) are carried out before the user is allowed access to the requested service provided by the communications system.
2. Arrangement as claimed in claim 1, wherein said access control system is introduced in any Open Distributed Processing (ODP) system and/or any common Request Broker Architecture (CORBA) system.
3. Arrangement as claimed in claim 1, wherein the information required for carrying out said access controls is contained in a Usage Restriction component of a Term Profile object containing information about a terminal in question.
4. Arrangement as claimed in claim 3, further comprising a Terminal data object containing information required or supporting terminal mobility, said object also comprising a table of controlled and cleared users.
5. Arrangement as claimed in claim 4, wherein said Term Profile object and said Terminal Data object are found in the telecom system domain, and are controlled by agent techniques comprising a Terminal Agent (TA).
6. Arrangement as claimed in claim 3, wherein in the telecom system domain there is provided one or more timers which are restarted each time an entry is accessed, the setting of a timer deciding the maintenance of said entry, and wherein entries not associated with a timer are regarded as permanent entries.
7. A method of improving security in a communications system including distributed hardware and software components which interact in order to provide services to one or more users, the method comprising:
providing an access control system or function relating to personal mobility in the communications system for enforcing security;
said access control system or function performing the following access controls on a user in the following order: a) access control to a terminal verifying that the user is authorized to use the terminal, b) access control to a telecom system related to said communications system checking whether the user is authorized to access the telecom system and preventing the user from accessing the telecom system if the user is not authorized to do so, and c) access control to a requested service checking whether the user is authorized to use the requested service; and
performing said access controls a) through c) and if the user passes said access controls a) through c) then allowing the user access to the requested service provided by the communications system.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NO971605A NO971605L (en) | 1997-04-08 | 1997-04-08 | Device for improving accessibility of services in a communication system |
NO971605 | 1997-04-08 | ||
PCT/NO1998/000109 WO1998045982A2 (en) | 1997-04-08 | 1998-04-02 | Arrangement for improving security in a communication system supporting user mobility |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/NO1998/000109 Continuation WO1998045982A2 (en) | 1997-04-08 | 1998-04-02 | Arrangement for improving security in a communication system supporting user mobility |
Publications (1)
Publication Number | Publication Date |
---|---|
US6233446B1 true US6233446B1 (en) | 2001-05-15 |
Family
ID=19900586
Family Applications (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/413,219 Expired - Lifetime US6233446B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving security in a communication system supporting user mobility |
US09/413,218 Expired - Lifetime US6275709B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/412,334 Expired - Lifetime US6964050B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for simplifying the design and implementation of mobile services in a communication system |
US09/413,217 Expired - Lifetime US6389037B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving the architecture of mobile communication systems |
US09/413,215 Expired - Lifetime US6336130B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/413,216 Expired - Lifetime US6332081B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/412,335 Expired - Lifetime US6490613B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for extending service support in a communication system |
Family Applications After (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/413,218 Expired - Lifetime US6275709B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/412,334 Expired - Lifetime US6964050B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for simplifying the design and implementation of mobile services in a communication system |
US09/413,217 Expired - Lifetime US6389037B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving the architecture of mobile communication systems |
US09/413,215 Expired - Lifetime US6336130B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/413,216 Expired - Lifetime US6332081B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for improving availability of services in a communication system |
US09/412,335 Expired - Lifetime US6490613B1 (en) | 1997-04-08 | 1999-10-05 | Arrangement for extending service support in a communication system |
Country Status (7)
Country | Link |
---|---|
US (7) | US6233446B1 (en) |
EP (7) | EP0974233B1 (en) |
JP (7) | JP2001521690A (en) |
AU (7) | AU6857498A (en) |
DE (2) | DE69841308D1 (en) |
NO (1) | NO971605L (en) |
WO (7) | WO1998046036A1 (en) |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6490613B1 (en) | 1997-04-08 | 2002-12-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Arrangement for extending service support in a communication system |
US20040023640A1 (en) * | 2002-08-02 | 2004-02-05 | Ballai Philip N. | System and method for detection of a rogue wireless access point in a wireless communication network |
WO2004017592A1 (en) * | 2002-08-19 | 2004-02-26 | Research In Motion Limited | System and method for secure control of resources of wireless mobile communication device |
US20040205004A1 (en) * | 2000-02-22 | 2004-10-14 | Paramvir Bahl | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US20040215956A1 (en) * | 2000-02-22 | 2004-10-28 | Microsoft Corporation | Methods and systems for accessing networks, methods and systems for accessing the internet |
US20040249927A1 (en) * | 2000-07-17 | 2004-12-09 | David Pezutti | Intelligent network providing network access services (INP-NAS) |
WO2004109535A1 (en) * | 2003-06-05 | 2004-12-16 | Ipass Inc. | Method and system of providing access point data associated with a network access point |
US20050021781A1 (en) * | 2003-06-05 | 2005-01-27 | Singam Sunder | Method and system of providing access point data associated with a network access point |
US20090150525A1 (en) * | 2004-04-08 | 2009-06-11 | Ipass, Inc. | Method and system for verifying and updating the configuration of an access device during authentication |
US8255569B1 (en) | 2000-02-22 | 2012-08-28 | Microsoft Corporation | Methods and systems for compressing data packets |
US8626139B2 (en) | 2002-11-08 | 2014-01-07 | Blackberry Limited | System and method of connection control for wireless mobile communication devices |
USRE44746E1 (en) | 2004-04-30 | 2014-02-04 | Blackberry Limited | System and method for handling data transfers |
US8656016B1 (en) | 2012-10-24 | 2014-02-18 | Blackberry Limited | Managing application execution and data access on a device |
US8799227B2 (en) | 2011-11-11 | 2014-08-05 | Blackberry Limited | Presenting metadata from multiple perimeters |
US8893219B2 (en) | 2012-02-17 | 2014-11-18 | Blackberry Limited | Certificate management method based on connectivity and policy |
US8931045B2 (en) | 2012-02-16 | 2015-01-06 | Blackberry Limited | Method and apparatus for management of multiple grouped resources on device |
US8972762B2 (en) | 2012-07-11 | 2015-03-03 | Blackberry Limited | Computing devices and methods for resetting inactivity timers on computing devices |
US9047451B2 (en) | 2010-09-24 | 2015-06-02 | Blackberry Limited | Method and apparatus for differentiated access control |
US9075955B2 (en) | 2012-10-24 | 2015-07-07 | Blackberry Limited | Managing permission settings applied to applications |
US9077622B2 (en) | 2012-02-16 | 2015-07-07 | Blackberry Limited | Method and apparatus for automatic VPN login on interface selection |
US9137668B2 (en) | 2004-02-26 | 2015-09-15 | Blackberry Limited | Computing device with environment aware features |
US9147085B2 (en) | 2010-09-24 | 2015-09-29 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US9161226B2 (en) | 2011-10-17 | 2015-10-13 | Blackberry Limited | Associating services to perimeters |
US9225727B2 (en) | 2010-11-15 | 2015-12-29 | Blackberry Limited | Data source based application sandboxing |
US9262604B2 (en) | 2012-02-01 | 2016-02-16 | Blackberry Limited | Method and system for locking an electronic device |
US9282099B2 (en) | 2005-06-29 | 2016-03-08 | Blackberry Limited | System and method for privilege management and revocation |
US9306948B2 (en) | 2012-02-16 | 2016-04-05 | Blackberry Limited | Method and apparatus for separation of connection data by perimeter type |
US9369466B2 (en) | 2012-06-21 | 2016-06-14 | Blackberry Limited | Managing use of network resources |
US9378394B2 (en) | 2010-09-24 | 2016-06-28 | Blackberry Limited | Method and apparatus for differentiated access control |
US9386451B2 (en) | 2013-01-29 | 2016-07-05 | Blackberry Limited | Managing application access to certificates and keys |
US9426145B2 (en) | 2012-02-17 | 2016-08-23 | Blackberry Limited | Designation of classes for certificates and keys |
US9497220B2 (en) | 2011-10-17 | 2016-11-15 | Blackberry Limited | Dynamically generating perimeters |
US9698975B2 (en) | 2012-02-15 | 2017-07-04 | Blackberry Limited | Key management on device for perimeters |
US9967055B2 (en) | 2011-08-08 | 2018-05-08 | Blackberry Limited | System and method to increase link adaptation performance with multi-level feedback |
US10848520B2 (en) | 2011-11-10 | 2020-11-24 | Blackberry Limited | Managing access to resources |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0964588A2 (en) * | 1998-06-12 | 1999-12-15 | Alcatel | A communications network system with discrete terminal mobility and remote user registration |
CA2290221A1 (en) * | 1998-11-23 | 2000-05-23 | Siemens Information And Communication Networks, Inc. | An intelligent telecommunications management network (tmn) |
US6742037B1 (en) * | 1998-12-01 | 2004-05-25 | Nortel Networks Limited | Method and apparatus for dynamic information transfer from a mobile target to a fixed target that tracks their relative movement and synchronizes data between them |
US6564261B1 (en) * | 1999-05-10 | 2003-05-13 | Telefonaktiebolaget Lm Ericsson (Publ) | Distributed system to intelligently establish sessions between anonymous users over various networks |
NO992605L (en) | 1999-05-31 | 2000-12-01 | Ericsson Telefon Ab L M | Support for telecommunication system mobility |
US7079499B1 (en) | 1999-09-08 | 2006-07-18 | Nortel Networks Limited | Internet protocol mobility architecture framework |
WO2001019050A2 (en) * | 1999-09-08 | 2001-03-15 | Nortel Networks Limited | Internet protocol mobility architecture framework |
US6769000B1 (en) | 1999-09-08 | 2004-07-27 | Nortel Networks Limited | Unified directory services architecture for an IP mobility architecture framework |
EP1091599A1 (en) * | 1999-10-08 | 2001-04-11 | Alcatel | Method for accessing a service platform such as TINA via an internet browser session |
JP3545666B2 (en) * | 2000-02-14 | 2004-07-21 | 株式会社東芝 | Service providing system for mobile terminals |
FI112757B (en) | 2000-05-19 | 2003-12-31 | Nokia Corp | Method and apparatus for data communication |
US20020095502A1 (en) * | 2001-01-16 | 2002-07-18 | Chester James S. | Business-to-business service provider system for intranet and internet applications |
US6996372B2 (en) * | 2001-09-06 | 2006-02-07 | Hughes Electronics Corporation | Mobility management-radio resource layer interface system and method for handling dark beam scenarios |
US6779934B2 (en) * | 2001-10-25 | 2004-08-24 | Hewlett-Packard Development Company, L.P. | Printer having a spell checking feature |
EP2211520A3 (en) | 2002-02-14 | 2010-11-10 | Avaya Inc. | Presence and availability tracking |
US7988398B2 (en) * | 2002-07-22 | 2011-08-02 | Brooks Automation, Inc. | Linear substrate transport apparatus |
US7023980B2 (en) | 2002-12-04 | 2006-04-04 | Avaya Technology Corp. | Outbound dialing decision criteria based |
US7474741B2 (en) | 2003-01-20 | 2009-01-06 | Avaya Inc. | Messaging advise in presence-aware networks |
CN100428710C (en) * | 2003-03-13 | 2008-10-22 | 华为技术有限公司 | Network mutual access controlling method |
US6931024B2 (en) * | 2003-05-07 | 2005-08-16 | Qwest Communications International Inc. | Systems and methods for providing pooled access in a telecommunications network |
US7099307B2 (en) * | 2003-05-07 | 2006-08-29 | Qwest Communications International Inc. | Automated cross-box and methods for using an automated cross-box |
GB0312009D0 (en) * | 2003-05-24 | 2003-07-02 | Univ Strathclyde | Management and control of telecommunication services delivery |
US8094804B2 (en) | 2003-09-26 | 2012-01-10 | Avaya Inc. | Method and apparatus for assessing the status of work waiting for service |
DE10351961B4 (en) * | 2003-11-07 | 2008-01-10 | Siemens Ag | Method for transmitting encrypted user data objects |
US9398152B2 (en) | 2004-02-25 | 2016-07-19 | Avaya Inc. | Using business rules for determining presence |
US7953859B1 (en) | 2004-03-31 | 2011-05-31 | Avaya Inc. | Data model of participation in multi-channel and multi-party contacts |
US7734032B1 (en) | 2004-03-31 | 2010-06-08 | Avaya Inc. | Contact center and method for tracking and acting on one and done customer contacts |
US8000989B1 (en) | 2004-03-31 | 2011-08-16 | Avaya Inc. | Using true value in routing work items to resources |
US7769154B1 (en) | 2004-06-09 | 2010-08-03 | Avaya Inc. | Aggregated perceived presence |
US7983148B1 (en) | 2004-07-12 | 2011-07-19 | Avaya Inc. | Disaster recovery via alternative terminals and partitioned networks |
US8738412B2 (en) | 2004-07-13 | 2014-05-27 | Avaya Inc. | Method and apparatus for supporting individualized selection rules for resource allocation |
US7949121B1 (en) | 2004-09-27 | 2011-05-24 | Avaya Inc. | Method and apparatus for the simultaneous delivery of multiple contacts to an agent |
US8234141B1 (en) | 2004-09-27 | 2012-07-31 | Avaya Inc. | Dynamic work assignment strategies based on multiple aspects of agent proficiency |
US7809127B2 (en) | 2005-05-26 | 2010-10-05 | Avaya Inc. | Method for discovering problem agent behaviors |
US20060291481A1 (en) * | 2005-06-27 | 2006-12-28 | Matsushita Electric Industrial Co., Ltd. | Application session resumption in mobile environments |
US7779042B1 (en) | 2005-08-08 | 2010-08-17 | Avaya Inc. | Deferred control of surrogate key generation in a distributed processing architecture |
US7822587B1 (en) | 2005-10-03 | 2010-10-26 | Avaya Inc. | Hybrid database architecture for both maintaining and relaxing type 2 data entity behavior |
US7752230B2 (en) | 2005-10-06 | 2010-07-06 | Avaya Inc. | Data extensibility using external database tables |
US7787609B1 (en) | 2005-10-06 | 2010-08-31 | Avaya Inc. | Prioritized service delivery based on presence and availability of interruptible enterprise resources with skills |
US8737173B2 (en) | 2006-02-24 | 2014-05-27 | Avaya Inc. | Date and time dimensions for contact center reporting in arbitrary international time zones |
US20070271079A1 (en) * | 2006-05-17 | 2007-11-22 | Kentaro Oguchi | Simulator for Vehicle Radio Propagation Including Shadowing Effects |
US8842818B2 (en) | 2006-06-30 | 2014-09-23 | Avaya Inc. | IP telephony architecture including information storage and retrieval system to track fluency |
US7936867B1 (en) | 2006-08-15 | 2011-05-03 | Avaya Inc. | Multi-service request within a contact center |
US8391463B1 (en) | 2006-09-01 | 2013-03-05 | Avaya Inc. | Method and apparatus for identifying related contacts |
US8811597B1 (en) | 2006-09-07 | 2014-08-19 | Avaya Inc. | Contact center performance prediction |
US8938063B1 (en) | 2006-09-07 | 2015-01-20 | Avaya Inc. | Contact center service monitoring and correcting |
US7573996B1 (en) | 2006-10-03 | 2009-08-11 | Avaya Inc. | Presence based callback |
US8150003B1 (en) | 2007-01-23 | 2012-04-03 | Avaya Inc. | Caller initiated undivert from voicemail |
US10671600B1 (en) | 2007-07-24 | 2020-06-02 | Avaya Inc. | Communications-enabled dynamic social network routing utilizing presence |
US8504534B1 (en) | 2007-09-26 | 2013-08-06 | Avaya Inc. | Database structures and administration techniques for generalized localization of database items |
US8856182B2 (en) | 2008-01-25 | 2014-10-07 | Avaya Inc. | Report database dependency tracing through business intelligence metadata |
US8301581B2 (en) | 2009-09-24 | 2012-10-30 | Avaya Inc. | Group compositing algorithms for presence |
US8565386B2 (en) | 2009-09-29 | 2013-10-22 | Avaya Inc. | Automatic configuration of soft phones that are usable in conjunction with special-purpose endpoints |
US9516069B2 (en) | 2009-11-17 | 2016-12-06 | Avaya Inc. | Packet headers as a trigger for automatic activation of special-purpose softphone applications |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5291479A (en) | 1991-07-16 | 1994-03-01 | Digital Technics, Inc. | Modular user programmable telecommunications system with distributed processing |
EP0684741A1 (en) | 1994-05-04 | 1995-11-29 | Gpt Limited | Connectionless information service delivery |
WO1995035611A2 (en) | 1994-06-13 | 1995-12-28 | Telefonaktiebolaget Lm Ericsson | A resource model and architecture for a connection handling system |
US5509053A (en) | 1994-09-14 | 1996-04-16 | Motorola, Inc. | Method and apparatus for routing a call to a mobile communication unit in a telepoint communication system |
WO1996025012A1 (en) | 1995-02-07 | 1996-08-15 | British Telecommunications Public Limited Company | Information services provision and management |
US5572528A (en) | 1995-03-20 | 1996-11-05 | Novell, Inc. | Mobile networking method and apparatus |
US5608447A (en) | 1994-05-27 | 1997-03-04 | Bell Atlantic | Full service network |
US5615351A (en) | 1995-07-07 | 1997-03-25 | Bell Communications Research, Inc. | Method and system for correlating usage data in a distributed architecture |
US5765108A (en) * | 1991-07-31 | 1998-06-09 | Telstra Corporation Limited | Telecommunications system |
US5825759A (en) * | 1994-10-26 | 1998-10-20 | Telefonaktiebolaget Lm Ericsson | Distributing network services and resources in a mobile communications network |
USH1837H (en) * | 1997-09-26 | 2000-02-01 | Fletcher; Anthony G. | Generic telecommunications system and associated call processing architecture |
US6052589A (en) * | 1997-02-19 | 2000-04-18 | Telefonaktiebolaget Lm Ericsson | Method and arrangement relating to telecommunications systems |
US6073010A (en) * | 1995-04-28 | 2000-06-06 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for restricting mobility of subscribers assigned to fixed subscription areas in a cellular telecommunications network |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0442645A (en) * | 1990-06-08 | 1992-02-13 | Oki Electric Ind Co Ltd | Method and circuit for both speech information remote registration and registration speech information transmission and automobile telephone circuit device |
FR2679348B1 (en) * | 1991-07-16 | 1993-10-08 | Alcatel Cit | SOFTWARE STRUCTURE FOR INFORMATION PROCESSING SYSTEM. |
SG43752A1 (en) * | 1993-01-21 | 1997-11-14 | At & T Corp | Directory structure for large scale telecommunications network allowing location of roaming mobile subcribers |
CA2088420C (en) * | 1993-01-29 | 1996-10-08 | Deborah L. Pinard | Method of establishing communication link to one of multiple devices associated with single telephone number |
US5517677A (en) * | 1993-05-13 | 1996-05-14 | Uniden America Corporation | Adaptive weighting of a scanning sequence |
NL9301492A (en) * | 1993-08-31 | 1995-03-16 | Nederland Ptt | System for mobile communication in overlapping communication domains. |
US5764730A (en) * | 1994-10-05 | 1998-06-09 | Motorola | Radiotelephone having a plurality of subscriber identities and method for operating the same |
US5659544A (en) * | 1994-10-17 | 1997-08-19 | Lucent Technologies Inc. | Method and system for distributed control in wireless cellular and personal communication systems |
FR2733960B1 (en) | 1995-05-11 | 1997-06-27 | Sub Pratique | SELF-CONTAINED DIVE BREATHING APPARATUS WITH MIDDLE PRESSURE CONNECTIONS WHICH CAN BE CONNECTED AND DISCONNECTED IN DIVING, AND METHOD OF USING THE SAME |
GB2301734B (en) * | 1995-05-31 | 1999-10-20 | Motorola Ltd | Communications system and method of operation |
US5701451A (en) * | 1995-06-07 | 1997-12-23 | International Business Machines Corporation | Method for fulfilling requests of a web browser |
CA2179337C (en) * | 1995-08-22 | 2000-11-14 | Thomas F. Laporta | Network-based migrating user agents for personal communication services |
US5657390A (en) * | 1995-08-25 | 1997-08-12 | Netscape Communications Corporation | Secure socket layer application program apparatus and method |
US5841764A (en) * | 1995-10-30 | 1998-11-24 | Ericsson Inc. | Method and apparatus for permitting a radio to originate and receive data messages in a data communications network |
JP3282652B2 (en) * | 1996-02-19 | 2002-05-20 | 日本電気株式会社 | OSI multi-layer management system |
US5956637A (en) * | 1996-02-20 | 1999-09-21 | Telefonaktiebolaget L M Ericsson (Publ) | Subscriber database management in a mobile telecommunications system |
US6021331A (en) * | 1996-02-22 | 2000-02-01 | Alcatel Usa Sourcing, L.P. | Control system for a telecommunications system |
US5890064A (en) * | 1996-03-13 | 1999-03-30 | Telefonaktiebolaget L M Ericsson (Publ) | Mobile telecommunications network having integrated wireless office system |
US5915225A (en) * | 1996-03-28 | 1999-06-22 | Ericsson Inc. | Remotely retrieving SIM stored data over a connection-less communications link |
US5914668A (en) * | 1996-08-30 | 1999-06-22 | Lucent Technologies Inc. | Wireless terminal controlled mobility operational parameters |
US5850444A (en) * | 1996-09-09 | 1998-12-15 | Telefonaktienbolaget L/M Ericsson (Publ) | Method and apparatus for encrypting radio traffic in a telecommunications network |
US5978672A (en) * | 1996-09-27 | 1999-11-02 | Global Mobility Systems, Inc. | Mobility extended telephone application programming interface and method of use |
EP0852448A1 (en) * | 1997-01-02 | 1998-07-08 | Nokia Mobile Phones Ltd. | User terminal for mobile communications |
US5974331A (en) * | 1997-04-04 | 1999-10-26 | U S West, Inc. | Method and system for dynamically assigning features and users to wireline interfaces |
NO971605L (en) | 1997-04-08 | 1998-10-09 | Ericsson Telefon Ab L M | Device for improving accessibility of services in a communication system |
US5937345A (en) * | 1997-05-02 | 1999-08-10 | Nortel Networks Corporation | Method and apparatus for intercepting calls in a communications system |
US6076099A (en) * | 1997-09-09 | 2000-06-13 | Chen; Thomas C. H. | Method for configurable intelligent-agent-based wireless communication system |
GB2332288A (en) * | 1997-12-10 | 1999-06-16 | Northern Telecom Ltd | agent enabling technology |
-
1997
- 1997-04-08 NO NO971605A patent/NO971605L/en not_active Application Discontinuation
-
1998
- 1998-04-02 EP EP98914159A patent/EP0974233B1/en not_active Expired - Lifetime
- 1998-04-02 JP JP54263898A patent/JP2001521690A/en active Pending
- 1998-04-02 JP JP54263698A patent/JP4234210B2/en not_active Expired - Lifetime
- 1998-04-02 AU AU68574/98A patent/AU6857498A/en not_active Abandoned
- 1998-04-02 AU AU68570/98A patent/AU6857098A/en not_active Abandoned
- 1998-04-02 JP JP54263798A patent/JP4267708B2/en not_active Expired - Lifetime
- 1998-04-02 WO PCT/NO1998/000108 patent/WO1998046036A1/en active Application Filing
- 1998-04-02 AU AU68572/98A patent/AU6857298A/en not_active Abandoned
- 1998-04-02 JP JP54263398A patent/JP2001521687A/en active Pending
- 1998-04-02 JP JP54263298A patent/JP2001521686A/en active Pending
- 1998-04-02 EP EP98914160A patent/EP0981876A2/en not_active Withdrawn
- 1998-04-02 AU AU68571/98A patent/AU6857198A/en not_active Abandoned
- 1998-04-02 AU AU68575/98A patent/AU6857598A/en not_active Abandoned
- 1998-04-02 EP EP98914156A patent/EP0974235A2/en not_active Ceased
- 1998-04-02 AU AU68573/98A patent/AU6857398A/en not_active Abandoned
- 1998-04-02 WO PCT/NO1998/000110 patent/WO1998045989A2/en not_active Application Discontinuation
- 1998-04-02 WO PCT/NO1998/000106 patent/WO1998045987A2/en not_active Application Discontinuation
- 1998-04-02 DE DE69841308T patent/DE69841308D1/en not_active Expired - Lifetime
- 1998-04-02 WO PCT/NO1998/000109 patent/WO1998045982A2/en active IP Right Grant
- 1998-04-02 EP EP98914158A patent/EP0981921B1/en not_active Expired - Lifetime
- 1998-04-02 JP JP54263498A patent/JP2001521688A/en active Pending
- 1998-04-02 EP EP98914154A patent/EP0974214A1/en not_active Withdrawn
- 1998-04-02 EP EP98914157A patent/EP0980629A2/en not_active Withdrawn
- 1998-04-02 DE DE69837040T patent/DE69837040T2/en not_active Expired - Lifetime
- 1998-04-02 WO PCT/NO1998/000107 patent/WO1998045988A2/en active Application Filing
- 1998-04-02 EP EP98914155A patent/EP0976222A2/en not_active Withdrawn
- 1998-04-02 WO PCT/NO1998/000105 patent/WO1998045986A2/en not_active Application Discontinuation
- 1998-04-02 WO PCT/NO1998/000104 patent/WO1998045985A1/en not_active Application Discontinuation
- 1998-04-02 JP JP54263598A patent/JP2001521689A/en active Pending
- 1998-04-02 AU AU68576/98A patent/AU6857698A/en not_active Abandoned
-
1999
- 1999-10-05 US US09/413,219 patent/US6233446B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/413,218 patent/US6275709B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/412,334 patent/US6964050B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/413,217 patent/US6389037B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/413,215 patent/US6336130B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/413,216 patent/US6332081B1/en not_active Expired - Lifetime
- 1999-10-05 US US09/412,335 patent/US6490613B1/en not_active Expired - Lifetime
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5291479A (en) | 1991-07-16 | 1994-03-01 | Digital Technics, Inc. | Modular user programmable telecommunications system with distributed processing |
US5765108A (en) * | 1991-07-31 | 1998-06-09 | Telstra Corporation Limited | Telecommunications system |
EP0684741A1 (en) | 1994-05-04 | 1995-11-29 | Gpt Limited | Connectionless information service delivery |
US5608447A (en) | 1994-05-27 | 1997-03-04 | Bell Atlantic | Full service network |
WO1995035611A2 (en) | 1994-06-13 | 1995-12-28 | Telefonaktiebolaget Lm Ericsson | A resource model and architecture for a connection handling system |
US5509053A (en) | 1994-09-14 | 1996-04-16 | Motorola, Inc. | Method and apparatus for routing a call to a mobile communication unit in a telepoint communication system |
US5825759A (en) * | 1994-10-26 | 1998-10-20 | Telefonaktiebolaget Lm Ericsson | Distributing network services and resources in a mobile communications network |
WO1996025012A1 (en) | 1995-02-07 | 1996-08-15 | British Telecommunications Public Limited Company | Information services provision and management |
US5572528A (en) | 1995-03-20 | 1996-11-05 | Novell, Inc. | Mobile networking method and apparatus |
US6073010A (en) * | 1995-04-28 | 2000-06-06 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for restricting mobility of subscribers assigned to fixed subscription areas in a cellular telecommunications network |
US5615351A (en) | 1995-07-07 | 1997-03-25 | Bell Communications Research, Inc. | Method and system for correlating usage data in a distributed architecture |
US6052589A (en) * | 1997-02-19 | 2000-04-18 | Telefonaktiebolaget Lm Ericsson | Method and arrangement relating to telecommunications systems |
USH1837H (en) * | 1997-09-26 | 2000-02-01 | Fletcher; Anthony G. | Generic telecommunications system and associated call processing architecture |
Non-Patent Citations (4)
Title |
---|
IEEE 46th Vehicular Technology Conference, Apr. 28-May 1, 1996, Atlanta, Georgia, pp. 1825-1829, van Thanh et al., "Making Mobility Transparent to the Applications". |
IEEE Communication Magazaine, vol. 36, No. 3, Mar. 1998, France, Juan Pavón et al., pp. 72-79, "COBRA for Network and Service Management in the TINA Framework". |
International Conference on Network Protocols, Nov. 1995, Tokyo, Japan, pp. 296-304, Choong Seon Hong et al., "Service and connection management architecture for distributed multimedia application". |
Telektronikk, vol. 90, No. 2, 1994, Norway, pp. 72-79, T. Handegærd, "The TINA Consortium". |
Cited By (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6490613B1 (en) | 1997-04-08 | 2002-12-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Arrangement for extending service support in a communication system |
US20050022001A1 (en) * | 2000-02-22 | 2005-01-27 | Microsoft Corporation | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US20060168454A1 (en) * | 2000-02-22 | 2006-07-27 | Microsoft Corporation | Methods and systems for accessing networks, methods and systems for accessing the internet |
US20040205004A1 (en) * | 2000-02-22 | 2004-10-14 | Paramvir Bahl | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US20040215956A1 (en) * | 2000-02-22 | 2004-10-28 | Microsoft Corporation | Methods and systems for accessing networks, methods and systems for accessing the internet |
US7444510B2 (en) | 2000-02-22 | 2008-10-28 | Microsoft Corporation | Methods and systems for accessing networks, methods and systems for accessing the internet |
US8255569B1 (en) | 2000-02-22 | 2012-08-28 | Microsoft Corporation | Methods and systems for compressing data packets |
US7406707B2 (en) | 2000-02-22 | 2008-07-29 | Microsoft Corporation | Methods and systems for accessing networks methods and systems for accessing the internet |
US7548976B2 (en) | 2000-02-22 | 2009-06-16 | Microsoft Corporation | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US7313237B2 (en) | 2000-02-22 | 2007-12-25 | Microsoft Corporation | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US7500263B2 (en) * | 2000-02-22 | 2009-03-03 | Microsoft Corporation | Methods and systems for accessing networks, methods and systems for accessing the Internet |
US7444669B1 (en) | 2000-05-05 | 2008-10-28 | Microsoft Corporation | Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet |
US7496652B2 (en) | 2000-07-17 | 2009-02-24 | Teleservices Solutions, Inc. | Intelligent network providing network access services (INP-NAS) |
US20090238349A1 (en) * | 2000-07-17 | 2009-09-24 | Teleservices Solutions, Inc. | Intelligent Network Providing Network Access Services (INP-NAS) |
US8504729B2 (en) | 2000-07-17 | 2013-08-06 | Degage Limited Liability Company | Intelligent network providing network access services (INP-NAS) |
US20040249927A1 (en) * | 2000-07-17 | 2004-12-09 | David Pezutti | Intelligent network providing network access services (INP-NAS) |
US7068999B2 (en) * | 2002-08-02 | 2006-06-27 | Symbol Technologies, Inc. | System and method for detection of a rogue wireless access point in a wireless communication network |
US20040023640A1 (en) * | 2002-08-02 | 2004-02-05 | Ballai Philip N. | System and method for detection of a rogue wireless access point in a wireless communication network |
US10015168B2 (en) | 2002-08-19 | 2018-07-03 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US20050213763A1 (en) * | 2002-08-19 | 2005-09-29 | Owen Russell N | System and method for secure control of resources of wireless mobile communication devices |
US9391992B2 (en) | 2002-08-19 | 2016-07-12 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
CN1689302B (en) * | 2002-08-19 | 2011-01-19 | 捷讯研究有限公司 | System and method for secure control of resources of wireless mobile communication devices |
US9998466B2 (en) | 2002-08-19 | 2018-06-12 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US8661531B2 (en) | 2002-08-19 | 2014-02-25 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
WO2004017592A1 (en) * | 2002-08-19 | 2004-02-26 | Research In Motion Limited | System and method for secure control of resources of wireless mobile communication device |
US8544084B2 (en) | 2002-08-19 | 2013-09-24 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US10298584B2 (en) | 2002-08-19 | 2019-05-21 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US10999282B2 (en) | 2002-08-19 | 2021-05-04 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US8893266B2 (en) | 2002-08-19 | 2014-11-18 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US8626139B2 (en) | 2002-11-08 | 2014-01-07 | Blackberry Limited | System and method of connection control for wireless mobile communication devices |
WO2004109535A1 (en) * | 2003-06-05 | 2004-12-16 | Ipass Inc. | Method and system of providing access point data associated with a network access point |
US8606885B2 (en) | 2003-06-05 | 2013-12-10 | Ipass Inc. | Method and system of providing access point data associated with a network access point |
US20050021781A1 (en) * | 2003-06-05 | 2005-01-27 | Singam Sunder | Method and system of providing access point data associated with a network access point |
US9137668B2 (en) | 2004-02-26 | 2015-09-15 | Blackberry Limited | Computing device with environment aware features |
US7958352B2 (en) | 2004-04-08 | 2011-06-07 | Ipass Inc. | Method and system for verifying and updating the configuration of an access device during authentication |
US20090150525A1 (en) * | 2004-04-08 | 2009-06-11 | Ipass, Inc. | Method and system for verifying and updating the configuration of an access device during authentication |
USRE48679E1 (en) | 2004-04-30 | 2021-08-10 | Blackberry Limited | System and method for handling data transfers |
USRE49721E1 (en) | 2004-04-30 | 2023-11-07 | Blackberry Limited | System and method for handling data transfers |
USRE44746E1 (en) | 2004-04-30 | 2014-02-04 | Blackberry Limited | System and method for handling data transfers |
USRE46083E1 (en) | 2004-04-30 | 2016-07-26 | Blackberry Limited | System and method for handling data transfers |
US10515195B2 (en) | 2005-06-29 | 2019-12-24 | Blackberry Limited | Privilege management and revocation |
US9282099B2 (en) | 2005-06-29 | 2016-03-08 | Blackberry Limited | System and method for privilege management and revocation |
US9734308B2 (en) | 2005-06-29 | 2017-08-15 | Blackberry Limited | Privilege management and revocation |
US9531731B2 (en) | 2010-09-24 | 2016-12-27 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US10318764B2 (en) | 2010-09-24 | 2019-06-11 | Blackberry Limited | Method and apparatus for differentiated access control |
US9378394B2 (en) | 2010-09-24 | 2016-06-28 | Blackberry Limited | Method and apparatus for differentiated access control |
US9047451B2 (en) | 2010-09-24 | 2015-06-02 | Blackberry Limited | Method and apparatus for differentiated access control |
US9147085B2 (en) | 2010-09-24 | 2015-09-29 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US9519765B2 (en) | 2010-09-24 | 2016-12-13 | Blackberry Limited | Method and apparatus for differentiated access control |
US9225727B2 (en) | 2010-11-15 | 2015-12-29 | Blackberry Limited | Data source based application sandboxing |
US9967055B2 (en) | 2011-08-08 | 2018-05-08 | Blackberry Limited | System and method to increase link adaptation performance with multi-level feedback |
US9497220B2 (en) | 2011-10-17 | 2016-11-15 | Blackberry Limited | Dynamically generating perimeters |
US10735964B2 (en) | 2011-10-17 | 2020-08-04 | Blackberry Limited | Associating services to perimeters |
US9161226B2 (en) | 2011-10-17 | 2015-10-13 | Blackberry Limited | Associating services to perimeters |
US9402184B2 (en) | 2011-10-17 | 2016-07-26 | Blackberry Limited | Associating services to perimeters |
US10848520B2 (en) | 2011-11-10 | 2020-11-24 | Blackberry Limited | Managing access to resources |
US9720915B2 (en) | 2011-11-11 | 2017-08-01 | Blackberry Limited | Presenting metadata from multiple perimeters |
US8799227B2 (en) | 2011-11-11 | 2014-08-05 | Blackberry Limited | Presenting metadata from multiple perimeters |
US9262604B2 (en) | 2012-02-01 | 2016-02-16 | Blackberry Limited | Method and system for locking an electronic device |
US9698975B2 (en) | 2012-02-15 | 2017-07-04 | Blackberry Limited | Key management on device for perimeters |
US9306948B2 (en) | 2012-02-16 | 2016-04-05 | Blackberry Limited | Method and apparatus for separation of connection data by perimeter type |
US9077622B2 (en) | 2012-02-16 | 2015-07-07 | Blackberry Limited | Method and apparatus for automatic VPN login on interface selection |
US8931045B2 (en) | 2012-02-16 | 2015-01-06 | Blackberry Limited | Method and apparatus for management of multiple grouped resources on device |
US9426145B2 (en) | 2012-02-17 | 2016-08-23 | Blackberry Limited | Designation of classes for certificates and keys |
US8893219B2 (en) | 2012-02-17 | 2014-11-18 | Blackberry Limited | Certificate management method based on connectivity and policy |
US9294470B2 (en) | 2012-02-17 | 2016-03-22 | Blackberry Limited | Certificate management method based on connectivity and policy |
US11032283B2 (en) | 2012-06-21 | 2021-06-08 | Blackberry Limited | Managing use of network resources |
US9369466B2 (en) | 2012-06-21 | 2016-06-14 | Blackberry Limited | Managing use of network resources |
US8972762B2 (en) | 2012-07-11 | 2015-03-03 | Blackberry Limited | Computing devices and methods for resetting inactivity timers on computing devices |
US9423856B2 (en) | 2012-07-11 | 2016-08-23 | Blackberry Limited | Resetting inactivity timer on computing device |
US9075955B2 (en) | 2012-10-24 | 2015-07-07 | Blackberry Limited | Managing permission settings applied to applications |
US9065771B2 (en) | 2012-10-24 | 2015-06-23 | Blackberry Limited | Managing application execution and data access on a device |
US8656016B1 (en) | 2012-10-24 | 2014-02-18 | Blackberry Limited | Managing application execution and data access on a device |
US10460086B2 (en) | 2013-01-29 | 2019-10-29 | Blackberry Limited | Managing application access to certificates and keys |
US9386451B2 (en) | 2013-01-29 | 2016-07-05 | Blackberry Limited | Managing application access to certificates and keys |
US9940447B2 (en) | 2013-01-29 | 2018-04-10 | Blackberry Limited | Managing application access to certificates and keys |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6233446B1 (en) | Arrangement for improving security in a communication system supporting user mobility | |
CA2229922C (en) | Cellular communications system | |
US6324579B1 (en) | Personalizing access to the internet via an access network and an internet service provider using an internet subscriber profile | |
AU765973B2 (en) | Internet protocol traffic filter for a mobile radio network | |
KR100827978B1 (en) | Flexible access authorization feature to enable mobile users to access services in 3? wireless networks | |
EP0976278B1 (en) | Preventing misuse of a copied subscriber identity in a mobile communication system | |
US5678170A (en) | Method and apparatus for monitoring and limiting distribution of data | |
US5577110A (en) | Access to capabilities of other telephone stations | |
JP2001514819A (en) | System for processing service data of telecommunication systems | |
EP0969645B1 (en) | A method to provide a service, a service provider realizing such a method and a universal personal telecommunication network including such a service provider | |
US8804932B2 (en) | Protection of services in mobile network against CLI spoofing | |
US6044269A (en) | Method for enhanced control of mobile call delivery | |
US7496372B1 (en) | Accessing numbers outside a closed user group in a mobile communication system | |
KR20010007291A (en) | Server for dialup connection | |
US20040121759A1 (en) | Pre-connection call authentication within a telephony network | |
JPH11355353A (en) | Method for using pair consisting of call number and internet transmission address | |
JP2007535185A (en) | Method for providing authorization for a user during a telephone connection and telecommunication system | |
CN114697036A (en) | Telephone number access method and communication intermediary system | |
KR20040100154A (en) | Special number rejecting system using short message service and method thereof | |
GB2405286A (en) | A telecommunications service access control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: TELEFONAKTIEBOLAGET LM ERICSSON, SWEDEN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DO, THANH VAN;REEL/FRAME:010434/0350 Effective date: 19991014 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FPAY | Fee payment |
Year of fee payment: 12 |